I have some code that makes a few Net::HTTP calls some over https This code works fine when used in irb
however, when used from rails or the rails console I get an error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
from /Users/kevzettler/.rbenv/versions/2.0.0-p353/lib/ruby/2.0.0/net/http.rb:918:in `connect'
I avoided the issue by passing a SSL verification manually like following code.
uri = URI(#url)
req = Net::HTTP::Get.new(uri.path)
response = Net::HTTP.start(
uri.host, uri.port,
:use_ssl => uri.scheme == 'https',
:verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
https.request(req)
end
Quoted from here: https://github.com/matsubo/web_update_checker/blob/master/lib/web_update_checker.rb#L44
Related
Trying to send a notification with fb_graph gem and rails 3.2. I have done like the docs describe at https://github.com/nov/fb_graph/wiki/notifications:
user = FbGraph::User.new('matake')
app = FbGraph::Application.new(APP_ID, :secret => APP_SECRET)
app.notify!(
user,
:href => 'http://matake.jp',
:template => 'Your friend #[12345] achieved new badge!'
)
but this returns SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure in production server
I've seen many answers here, but none of them has worked.
I'm using omniauth-oauth2 gem to integrate with a third-party customer.
I'm using the setup phase described here but I'm always getting this error:
Authentication failure! failed_to_connect: Faraday::Error::ConnectionFailed, SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
Faraday::Error::ConnectionFailed (SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A):
.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `connect'
.rvm/rubies/ruby-2.0.0-p247/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'
My initializer at config/initializers is:
Rails.application.config.middleware.use OmniAuth::Builder do
client_id = 'my_client_id'
client_secret = 'secret'
ca_file = Rails.root.join('config', 'cacert.pem').to_s
ssl_options = {}
ssl_options[:ca_path] = '/usr/local/etc/openssl'
ssl_options[:ca_file] = ca_file
provider :my_partner_provider, client_id, client_secret, :client_options => {:ssl => ssl_options},
setup: ->(env){
req = Rack::Request.new(env)
site = "https://#{req.params.fetch('shop')}"
env['omniauth.strategy'].options[:client_options][:site] = site
}
end
I've tried with and without ssl options.
To complement, here's my stack: https://gist.github.com/cleytonmessias/11274209
I've typed in terminal openssl s_client -showcerts -connect partnerurl.com:443 <<<OK and it returned this: https://gist.github.com/cleytonmessias/11288646
Does anyone know the solution to this issue?
Thanks to #mislav who give the hint to change SSL version.
I had to change this because my partner has its application built using asp.net and uses this version of SSL. More info at https://mislav.net/2013/07/ruby-openssl/
So the final code is as follows:
Rails.application.config.middleware.use OmniAuth::Builder do
client_id = 'my_client_id'
client_secret = 'secret'
ssl_options = {}
ssl_options[:version] = :TLSv1
ssl = {}
ssl[:ssl] = ssl_options
provider :partner, client_id, client_secret,
client_options: { connection_opts: ssl} ,
setup: ->(env){
req = Rack::Request.new(env)
token_url = "https://#{req.params.fetch('shop')}"
env['omniauth.strategy'].options[:client_options][:token_url] = token_url
}
end
I am getting OpenSSL::SSL::SSLError while making one http_request. Please find the code mentioned below.
require 'net/http'
uri = URI.parse("http://webaddress.com")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new("/v1.1/auth")
request.add_field('Content-Type', 'application/json')
request.body = {"auth_token"=>"abcd" ,"employee" => {"method" => "add_employee"}}
response = http.request(request)
It's throwing following error :
SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
Please let me know why this error is coming? and what could be the reason for this error.
I am using the OAuth gem to do two-legged oauth verification, but when I try to use the access token I get the following error:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
/usr/ruby1.9.2/lib/ruby/1.9.1/net/http.rb:678:in `connect'
/usr/ruby1.9.2/lib/ruby/1.9.1/net/http.rb:678:in `block in connect'
/usr/ruby1.9.2/lib/ruby/1.9.1/timeout.rb:44:in `timeout'
/usr/ruby1.9.2/lib/ruby/1.9.1/timeout.rb:87:in `timeout'
Here's the code:
uri = construct_uri
consumer = OAuth::Consumer.new("key",
"secret",
:site => "remote site",
:request_token_path => "",
:authorize_path => "",
:access_token_path => "",
:http_method => :get,
:scheme => "query_string"
)
access_token = OAuth::AccessToken.new consumer
response = access_token.request(:get, uri)
The error occurs on the last line. This code had been working for a few months and seemed to break overnight. Also what's strange is this code works when I execute it in the local rails console. From what I've read I think it has to do with the OAuth gem not being able to find the file path to my certificates, although I'm not sure where to start debugging this on heroku. On heroku we're using SNI SSL.
There's a workaround detailed here: https://github.com/intridea/omniauth/issues/404
Put OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE in an initializer. Apparently this is a bug with the OAuth gem that's since been fixed.
There's a workaround detailed here: https://github.com/intridea/omniauth/issues/404
Put OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE in an initializer. Apparently this is a bug with the OAuth gem that's since been fixed.
I obtained a key/secret for userless access at the foursquare developer site and now I want to fetch data with the use of the foursquare2 gem:
#foursquare = Foursquare2::Client.new(:client_id => 'xxx', :client_secret => 'yyy')
This works fine on localhost but on Heroku I get the following error:
ActionView::Template::Error (SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed)
I didn't set up any SSL or Omniauth within the app.
Update: Found the solution! You have to pass in a ssl hash with the path to heroku's certificates path.
#foursquare = Foursquare2::Client.new(:client_id => 'xxx',
:client_secret => 'yyy',
:ssl => { :verify => OpenSSL::SSL::VERIFY_PEER, :ca_file => '/usr/lib/ssl/certs/ca-certificates.crt' })
I also mentioned that problem under ruby 1.9.3. After downgrading to ruby 1.9.2 I didn't get that error anymore...